Re: SSH Blocking

To: debian-user@lists.debian.org
Subject: Re: SSH Blocking
From: Hans du Plooy <hansdp@sagacit.com>
Date: Mon, 25 Apr 2005 19:26:00 +0200
Message-id: <[🔎] 1114449960.7962.68.camel@twoflower.sagacit.com>
Reply-to: hansdp@sagacit.com
In-reply-to: <[🔎] 426D01F2.4000900@pressenter.com>
References: <[🔎] 426D01F2.4000900@pressenter.com>

On Mon, 2005-04-25 at 09:42 -0500, Nick Miller wrote:
> Hello All,
> 
>   I maintain a couple of exim mail servers on the Internet and I have 
> noticed that a lot of people will try to gain access to these machines 
> by trying multiple SSH logins with all sorts of names. I am wondering if 
> there is an option in SSHD to block an IP after a certain amount of 
> failed login attempts as any user?

I haven't done that yet, but I did this.
In /etc/ssh/sshd_config, set MaxStartups to a low number, say 2.  There
is another option that specifies how long sshd waits before returning
the lonin prompt after a failed attempt, but for the life of me I can't
find it now.  If you set this option to something high, like 600
seconds, an attacker will only be able to try twice in ten minutes. 

In adition, setting PermitRootLogin to "no" will make it much harder.
Most of the ssh bruteforce scripts I've seen, tries to log in as root,
so this makes most of them useless.

-- 
Kind regards
Hans du Plooy
SagacIT (Pty) Ltd
hansdp at sagacit dot com

Reply to:

References:
- SSH Blocking
  - From: Nick Miller <nick@pressenter.com>

Prev by Date: Re: SSH Blocking
Next by Date: Re: OT: can I send CDs by mail to Germany?
Previous by thread: Re: SSH Blocking
Next by thread: Re: SSH Blocking
Index(es):
- Date
- Thread